Title: Computing the optimal ate pairing over elliptic curves with embedding degrees 54 and 48 at the 256-bit security level

Authors: Narcisse Bang Mbiang; Diego De Freitas Aranha; Emmanuel Fouotsa

Addresses: Department of Mathematics and Computer Science, Faculty of Sciences, The University of Dschang, P.O. Box 67, Dschang, West, Cameroon ' Department of Engineering, Aarhus University, Finlandsgade 22, bygning 5125, 8200 Aarhus N., Denmark; Institute of Computing, University of Campinas, Av. Albert Einstein, 1251, CEP13083-852, Campinas, Brazil ' Department of Mathematics, Higher Teacher Training College, The University of Bamenda, P.O. Box 39, Bambili, Cameroon

Abstract: Due to recent advances in the computation of finite fields discrete logarithms, the Barreto-Lynn-Scott family of elliptic curves of embedding degree 48 became suitable for instantiating pairing-based cryptography at the 256-bit security level. Observing the uncertainty around determining the constants that govern the best approach for computing discrete logarithms, Scott and Guillevic consider pairing-friendly elliptic curves of embedding degree higher than 50, and discovered a new family of elliptic curves with embedding degree 54. This work aims at investigating the theoretical and practical cost of both the Miller algorithm and the final exponentiation in the computation of the optimal ate pairing on the two aforementioned curves. Both our theoretical results, based on the operation counts of base-field operations, and our experimental observations collected from a real implementation, confirm that BLS48 curves remain the faster curve in the computation of the optimal ate pairing at the 256-bit security level.

Keywords: elliptic curves; pairing-friendly curves; optimal pairings; Miller loop; final exponentiation; embedding degrees 48 and 54; 256 bits security level.

DOI: 10.1504/IJACT.2020.10027563

International Journal of Applied Cryptography, 2020 Vol.4 No.1, pp.45 - 59

Received: 20 Nov 2018
Accepted: 04 Oct 2019

Published online: 06 May 2020 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article